Accountability and Enforcement Under the CARES Act

What to Expect from the Act’s Oversight Provisions

April 1, 2020

On Friday, March 27, 2020, the Coronavirus Aid, Relief, and Economic Security Act (or the “CARES Act”) became law, marking the third phase of government aid to combat the COVID-19 pandemic.

This $2 trillion stimulus package, the largest in American history, will be accessed by wide swaths of the economy, with similarly widespread potential for fraud.  Consequently, the accountability and oversight provisions built into the CARES Act, especially of the $500 billion corporate relief fund, warrants attention.  Taking its cue from – and seemingly modeled after – the 2008 Troubled Asset Relief Program (“TARP”), the CARES Act establishes a three-part oversight structure, including a Special Inspector General for Pandemic Recovery (“SIGPR”) with far-reaching authority to monitor the $500 billion fund.  Based on the experience with TARP oversight and the enforcement actions taken by the Special Inspector General of TARP (“SIGTARP”) over the years, we can expect a high level of scrutiny by SIGPR and the other overseers, as well as potentially years of investigations into fraud and misuse of CARES Act funds resulting in substantial monetary penalties and criminal referrals.

The CARES Act Oversight Structure

The CARES Act establishes three main oversight mechanisms:[1]

  • The Pandemic Response Accountability Committee (the “Committee”) was established to detect fraud, waste, abuse, and mismanagement, and to mitigate major risks that cut across agency and program boundaries.The members of the Committee include Inspectors General of several federal agencies, including the Departments of Defense, Justice, and the Treasury.On March 30, 2020, the Chairperson of the Council of the Inspectors General on Integrity and Efficiency (the “Council”) selected Glenn Fine, the acting Inspector General for the Pentagon, as the Chairperson of the Committee.In consultation with Congress, the Council will select both an Executive Director and Deputy Executive Director of the Committee.The Committee oversees not only CARES Act funds, but also money for aid under the first two phases of COVID-19 relief.The CARES Act earmarks $80 million for the Committee, which is authorized to conduct investigations and required to submit biannual reports to the President and Congress.The Committee will terminate on September 30, 2025.
  • The Congressional Oversight Commission (the “Commission”), which is composed of five members chosen by the majority and minority leaders of both houses of Congress, is responsible for supervising the implementation of the CARES Act by the Department of the Treasury and the Federal Reserve Board, and assessing the effectiveness of Congressional efforts to provide economic stability in light of the COVID-19 pandemic.Every 30 days, it must submit reports to Congress reviewing the Secretary’s authority, the economic impact of the program, market transparency, and the effectiveness of assistance to taxpayers.It has broad authority to take testimony, hold hearings, and otherwise obtain information from any federal department or agency it deems necessary.It will terminate on September 30, 2025.
  • The SIGPR is appointed by the President with the advice and consent of the Senate to conduct audits and investigations of loans, loan guarantees, and other investments made by the Treasury Secretary (the “Secretary”).The CARES Act vests the SIGPR with a broad mandate and authority to undertake investigations without the need for the Secretary’s approval.For example, the SIGPR has the authority to issue subpoenas and to administer oaths to take testimony, and can both make warrantless arrests and seek arrest and search warrants without first obtaining authorization from the Attorney General.The SIGPR must submit quarterly reports to Congress, including details of loans associated with the program.The SIGPR is also required to report to Congress any instances when it is unreasonably refused or denied information it has sought. Congress budgeted $25 million of the $500 billion allocated to the Secretary for the CARES Act to the SIGPR.The SIGPR will terminate on March 27, 2025.

Comparison to TARP Oversight

The CARES Act oversight functions appear to be modeled after the oversight Congress put in place for TARP, the $700 billion bank bailout passed during the 2008 financial crisis as part of the Emergency Economic Stabilization Act (the “EESA”).  Like the CARES Act, the EESA established multiple oversight mechanisms including (a) the Financial Stability Oversight Board, (b) the Congressional Oversight Panel (the “Panel”), and (c) the Office of SIGTARP.[2] 

Similar to the provisions governing the CARES Act’s Commission, the EESA tasked the Panel with submitting regular reports to Congress.  It granted the Panel broad power to review the Secretary’s authority, and the impact of purchases made under TARP on the markets, among other things.  The five-person, bipartisan Panel was also given almost identical authority to hold hearings, take testimony, and otherwise obtain official data from departments and agencies.  Finally, while both the Commission and the Panel are subject to statutory termination dates, the EESA tied the termination of the Panel to the end of the Secretary’s authority under the statute (which could be extended).  By contrast, the CARES Act provides for a set date, March 27, 2025, for the Commission’s termination, and does not explicitly allow for extension of the Secretary’s statutory authority.

Significantly, the SIGPR and SIGTARP also involve strikingly similar statutory provisions with only minor differences.

  • Similarities Among Statutory Provisions
    • Like SIGPR, SIGTARP was expected to perform a quarterly reporting function, involving a detailed statement of all purchases and revenues associated with the relevant programs as well as information SIGTARP collected.
    • Like the SIGPR, and unlike other Inspectors General focused on more general agency oversight, SIGTARP was specifically tasked with supervising audits and investigations of the Secretary pursuant to a particular federal aid program.

      The EESA also granted SIGTARP and SIGPR similar investigative authority, including subpoena power, except that SIGTARP was not specifically exempted under the EESA from the need to obtain authorization from the Attorney General before making a warrantless arrest or seeking an arrest or search warrant.
    • Both statutory provisions require the President to nominate a Special Inspector General with integrity and demonstrated ability in accounting, auditing, financial analysis, law, management analysis, public administration, or investigations.
  • Differences in Scope of Oversight and Termination Date
    • The SIGPR supervises the Secretary’s actions with regard to a far wider array of businesses than SIGTARP.Unlike the broader range of CARES Act relief fund recipients, the primary beneficiaries of TARP at its inception were a finite number of regulated financial institutions and other entities.Nevertheless, SIGPR only has an initial budget of $25 million, while SIGTARP was initially allocated $50 million.
    • The EESA did not tie SIGTARP’s expiration to a specific date, instead linking it to the Secretary’s final transfer of troubled assets or the expiration of the last relevant insurance contract.By contrast, the SIGPR terminates five years after enactment of the CARES Act.

What to Expect In Terms of CARES Act Oversight

Given these similarities with TARP, the activity of oversight bodies established under the EESA will be instructive in predicting how CARES Act accountability mechanisms might function.  SIGTARP actively investigated frauds involving TARP recipients, and remains active even today.  Its investigations have led to numerous criminal referrals, resulting in 381 convictions and the recovery of $11 billion in enforcement actions.  If the SIGPR follows SIGTARP’s lead, we can expect robust and aggressive enforcement activity.  We can also expect the SIGPR, like SIGTARP, to construe its mandate broadly and work closely with the Department of Justice and U.S. Attorney’s Offices in prosecuting misconduct.  Companies receiving CARES Act relief should therefore make sure they have implemented internal mechanisms to comply with all CARES Act requirements as well as other applicable regulations.

It is worth noting that in a signing statement released hours after the CARES Act became law, President Trump asserted, “I do not understand, and my Administration will not treat, [the CARES Act] as permitting the SIGPR to issue reports to the Congress without the presidential supervision required by the Take Care Clause, Article II, section 3.”[3]  This statement could indicate this Administration’s intention to keep SIGPR’s authority more restricted than it was for SIGTARP.  Either way, given the far-reaching influence the CARES Act will have on the nation’s economy, we can expect the oversight mechanisms in the act to be active, even years after the COVID-19 virus has been wrestled into submission and the immediate health and economic crisis has ended.

This article has been republished by The NYU Program on Corporate Compliance & Enforcement.



[1] Coronavirus Aid, Relief, and Economic Security Act, H.R. 748, §§ 4018, 4020, 15010 (2020).

[2] Economic Emergency Stabilization Act, Pub. L. No. 82 110-343, §§ 104, 121, 125 (2008).

[3] Statement by the President Issued on: March 27, 2020, White House, https://www.whitehouse.gov/briefings-statements/statement-by-the-president-38/ (last visited Mar. 30, 2020).